From 79f7261f281f6fbd6b238ef30008bf29726440b6 Mon Sep 17 00:00:00 2001 From: penguin Date: Fri, 5 Dec 2025 20:34:49 -0600 Subject: [PATCH 1/4] infra: move docker workflow into gentoo-utils workflow infra: add build job to CI --- .gitea/workflows/docker.yml | 42 ---------------------- .gitea/workflows/gentoo-utils.yml | 59 +++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 42 deletions(-) delete mode 100644 .gitea/workflows/docker.yml create mode 100644 .gitea/workflows/gentoo-utils.yml diff --git a/.gitea/workflows/docker.yml b/.gitea/workflows/docker.yml deleted file mode 100644 index 90b53ad..0000000 --- a/.gitea/workflows/docker.yml +++ /dev/null @@ -1,42 +0,0 @@ -name: Build gentoo-utils docker image - -on: - push: - branches: - - master - paths: - - '.docker/Dockerfile' - pull_request: - paths: - - '.docker/Dockerfile' - workflow_dispatch: - - -jobs: - build-docker: - runs-on: ubuntu-latest - - steps: - - - name: Checkout repo - uses: actions/checkout@v4 - - - - name: Set up Docker buildx - uses: docker/setup-buildx-action@v3 - - - - name: Log in to Github Container Registry - uses: docker/login-action@v3 - with: - registry: git.epenguin.net - username: ${{ gitea.actor }} - password: ${{ secrets.CI_TOKEN }} - - - - name: Build and push - uses: docker/build-push-action@v6 - with: - push: true - tags: git.epenguin.net/${{ gitea.repository }}:latest - context: "{{defaultContext}}:.docker" diff --git a/.gitea/workflows/gentoo-utils.yml b/.gitea/workflows/gentoo-utils.yml new file mode 100644 index 0000000..c6e78f0 --- /dev/null +++ b/.gitea/workflows/gentoo-utils.yml 
@@ -0,0 +1,59 @@ +name: Gentoo Utils + +on: + push: + branches: [master] + pull_request: + branches: [master] + +jobs: + build-docker: + runs-on: ubuntu-latest + continue-on-error: true + steps: + - + name: Checkout repo + uses: actions/checkout@v5 + with: + fetch-depth: 0 + + - name: Check for changes before building + id: image-changes + run: | + if git diff --name-only ${{ gitea.event.before }} ${{ gitea.sha }} | grep -q '^\.docker/'; then + echo "changes_detected=true" >> $GITEA_OUTPUT + else + echo "changes_detected=false" >> $GITEA_OUTPUT + fi + - + name: Set up Docker buildx + if: steps.docker-changes.outputs.changes_detected == 'true' + uses: docker/setup-buildx-action@v3 + + - + name: Log in to Github Container Registry + if: steps.docker-changes.outputs.changes_detected == 'true' + uses: docker/login-action@v3 + with: + registry: git.epenguin.net + username: ${{ vars.CI_BOT_USERNAME }} + password: ${{ secrets.CI_BOT_TOKEN }} + + - + name: Build and push + if: steps.docker-changes.outputs.changes_detected == 'true' + uses: docker/build-push-action@v6 + with: + push: true + tags: git.epenguin.net/${{ gitea.repository }}:latest + context: "{{defaultContext}}:.docker" + + build: + runs-on: gentoo-utils + needs: build-docker + steps: + - name: Checkout repo + uses: actions/checkout@v5 + + - name: build and check + run: ./check.sh From 231b43a9497578b5d61ea905ef9b59cfa612d3cb Mon Sep 17 00:00:00 2001 From: penguin Date: Fri, 5 Dec 2025 20:35:33 -0600 Subject: [PATCH 2/4] infra: docker: add nodejs nodejs is required to run github actions --- .docker/Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.docker/Dockerfile b/.docker/Dockerfile index c1e6525..8aaad1f 100644 --- a/.docker/Dockerfile +++ b/.docker/Dockerfile @@ -11,7 +11,9 @@ RUN emerge \ llvm-core/clang \ llvm-core/lld \ dev-vcs/git \ - sys-process/parallel + sys-process/parallel \ + net-libs/nodejs + RUN git clone https://jturnerusa.dev/cgit/ebuilds/ /var/db/repos/spawns 
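Review bot: The three `if:` conditions in `build-docker` read `steps.docker-changes.outputs.changes_detected`, but the detection step is declared with `id: image-changes`, so the lookups resolve to an empty value and the buildx, login and push steps are always skipped. Because the job also sets `continue-on-error: true`, nothing surfaces this and the published image silently goes stale; renaming the step to `id: docker-changes` fixes the reference. Separately, the workflow now runs on `pull_request`, where `gitea.event.before` is likely unset. Once the ids match, a PR touching `.docker/` would push over `:latest` with `CI_BOT_TOKEN` before review, and the later `build` job on the `gentoo-utils` runner presumably consumes that image. Consider `push: ${{ gitea.event_name == 'push' }}` on the build-push step so that pull requests only build.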
From 8f4a7bfc4fcc2b896df291b16257eaeda09b9a80 Mon Sep 17 00:00:00 2001 From: penguin Date: Fri, 5 Dec 2025 20:35:56 -0600 Subject: [PATCH 3/4] docker: run as non-root user in containers using this image --- .docker/Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.docker/Dockerfile b/.docker/Dockerfile index 8aaad1f..b3b1e19 100644 --- a/.docker/Dockerfile +++ b/.docker/Dockerfile @@ -23,6 +23,10 @@ RUN mkdir -p /var/cache/distfiles/git3-src && chown portage:portage /var/cache/d RUN emerge =dev-build/meson-9999 +RUN useradd -m gentooligan + +USER gentooligan + WORKDIR /workspace ENTRYPOINT /bin/bash From cb85ad75b357d03471ab18d7a87ef72ddd08e5f2 Mon Sep 17 00:00:00 2001 From: penguin Date: Fri, 5 Dec 2025 20:36:11 -0600 Subject: [PATCH 4/4] infra: docker: set portage to shallow clone packages via git --- .docker/Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.docker/Dockerfile b/.docker/Dockerfile index b3b1e19..89109cb 100644 --- a/.docker/Dockerfile +++ b/.docker/Dockerfile @@ -2,6 +2,8 @@ FROM gentoo/stage3:latest COPY ./. / +ENV EGIT_CLONE_TYPE=shallow + RUN getuto RUN emerge-webrsync
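Review bot: In the `@@ -23,6 +23,10 @@` hunk, `WORKDIR /workspace` comes after `USER gentooligan`, but Docker typically creates a missing WORKDIR directory owned by root regardless of the active USER, so the unprivileged user may not be able to write to its own working directory unless a volume is mounted over it. Creating the directory before the switch avoids this, e.g. `RUN useradd -m -u 1000 gentooligan && mkdir -p /workspace && chown gentooligan:gentooligan /workspace`; the fixed UID (1000 is only an example value) also gives bind-mounted checkouts predictable ownership. Anything that still expects to run `emerge` inside a container started from this image will now lack root, so a comment above `USER` such as `# all package installation must happen above this line` would document the constraint.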